{"uuid": "947ed00f-cbf3-4d6c-a7fb-f15a7efb48e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42836", "type": "seen", "source": "https://advisories.ncsc.nl/advisory?id=NCSC-2026-0181", "content": "Microsoft heeft een groot aantal kwetsbaarheden verholpen in Windows. Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot diverse categorie\u00ebn schade, zoals omschreven in onderstaande tabellen.\n\nTussen deze kwetsbaarheden zitten een zestal zeer ernstige, welke door Microsoft zijn ingeschaald met een CVSS score van 9 en hoger.\nDeze kwetsbaarheden bevinden zich in diverse componenten van Windows die bereikbaar en benaderbaar zijn vanaf netwerkverbindingen, zoals http.sys, DHCP, de Kernel en TCP/IP. Door de externe bereikbaarheid en de mogelijkheden tot uitvoer van willekeurige code, is het risico op grootschalig misbruik op korte termijn aanwezig. Op dit moment wordt (nog) geen actief misbruik waargenomen en is (nog) geen publieke Proof-of-Concept (PoC) of exploit bekend, maar het NCSC verwacht deze wel op korte termijn en adviseert daarom deze updates met spoed in te zetten.\n\n```\nWindows TCP/IP: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-42904 | 9.60 | Verkrijgen van verhoogde rechten | \n| CVE-2026-42915 | 5.70 | Denial-of-Service | \n|----------------|------|-------------------------------------|\n\nWindows BitLocker: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-45655 | 5.30 | Omzeilen van beveiligingsmaatregel | \n| CVE-2026-45658 | 7.80 | Omzeilen van beveiligingsmaatregel | \n| CVE-2026-50507 | 6.80 | Omzeilen van beveiligingsmaatregel | \n|----------------|------|-------------------------------------|\n\nWindows Mark of the Web (MOTW): \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-45595 | 5.40 | Omzeilen van beveiligingsmaatregel | \n|----------------|------|-------------------------------------|\n\nWindows Win32K - GRFX: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-44803 | 7.80 | Uitvoeren van willekeurige code | \n| CVE-2026-44812 | 7.80 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows Push Notifications: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-42969 | 5.50 | Toegang tot gevoelige gegevens | \n| CVE-2026-42971 | 5.50 | Toegang tot gevoelige gegevens | \n| CVE-2026-42970 | 5.50 | Toegang tot gevoelige gegevens | \n| CVE-2026-42973 | 5.50 | Toegang tot gevoelige gegevens | \n| CVE-2026-42978 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-42977 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-42979 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-42991 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nMicrosoft Windows DNS: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-41108 | 7.00 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Bluetooth Port Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-45640 | 7.00 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Ancillary Function Driver for WinSock: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-34335 | 7.00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-45601 | 7.00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-45598 | 7.00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-45596 | 7.00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-45638 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-45603 | 7.00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-42911 | 7.00 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nFunction Discovery Service (fdwsd.dll): \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-42836 | 7.00 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Kernel: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2025-10263 | 9.30 | Verkrijgen van verhoogde rechten | \n| CVE-2026-45657 | 9.80 | Uitvoeren van willekeurige code | \n| CVE-2026-48583 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-45653 | 7.00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-42984 | 7.00 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Secure Boot: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-45588 | 7.90 | Omzeilen van beveiligingsmaatregel | \n| CVE-2026-48568 | 7.90 | Omzeilen van beveiligingsmaatregel | \n| CVE-2026-48570 | 7.90 | Omzeilen van beveiligingsmaatregel | \n| CVE-2026-48573 | 7.90 | Omzeilen van beveiligingsmaatregel | \n| CVE-2026-48575 | 7.90 | Omzeilen van beveiligingsmaatregel | \n| CVE-2026-48576 | 7.90 | Omzeilen van beveiligingsmaatregel | \n| CVE-2026-48578 | 7.90 | Verkrijgen van verhoogde rechten | \n| CVE-2026-45654 | 7.90 | Omzeilen van beveiligingsmaatregel | \n|----------------|------|-------------------------------------|\n\nRemote Desktop Client: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-47289 | 8.80 | Uitvoeren van willekeurige code | \n| CVE-2026-47653 | 8.80 | Uitvoeren van willekeurige code | \n| CVE-2026-47654 | 7.50 | Uitvoeren van willekeurige code | \n| CVE-2026-48563 | 7.50 | Uitvoeren van willekeurige code | \n| CVE-2026-42909 | 7.50 | Uitvoeren van willekeurige code | \n| CVE-2026-42913 | 7.50 | Uitvoeren van willekeurige code | \n| CVE-2026-42992 | 7.50 | Uitvoeren van willekeurige code | \n| CVE-2026-44799 | 7.50 | Uitvoeren van willekeurige code | \n| CVE-2026-44801 | 7.50 | Uitvoeren van willekeurige code | \n| CVE-2026-42985 | 8.80 | Uitvoeren van willekeurige code | \n| CVE-2026-42993 | 7.50 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nMicrosoft UxTheme Library (uxtheme.dll): \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-45606 | 5.50 | Denial-of-Service | \n|----------------|------|-------------------------------------|\n\nWindows Kernel-Mode Drivers: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-45600 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows DHCP Client: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-45608 | 6.80 | Toegang tot gevoelige gegevens | \n| CVE-2026-44815 | 9.80 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nUniversal Plug and Play (upnp.dll): \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-45599 | 8.10 | Uitvoeren van willekeurige code | \n| CVE-2026-45635 | 8.10 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows Bluetooth Service: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-45605 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows UEFI: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-45656 | 7.80 | Omzeilen van beveiligingsmaatregel | \n| CVE-2026-8863 | 7.80 | Omzeilen van beveiligingsmaatregel | \n|----------------|------|-------------------------------------|\n\nWindows Hotpatch Monitoring Service: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-42910 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nMicrosoft Azure Attestation service and Device Health Attestation Service: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-33828 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-45642 | 3.90 | Voordoen als andere gebruiker | \n|----------------|------|-------------------------------------|\n\nWindows RDP: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-45639 | 7.50 | Toegang tot gevoelige gegevens | \n| CVE-2026-42908 | 7.50 | Toegang tot gevoelige gegevens | \n|----------------|------|-------------------------------------|\n\nWinlogon: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-42989 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Collaborative Translation Framework: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-45586 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Kerberos: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-47288 | 7.10 | Uitvoeren van willekeurige code | \n| CVE-2026-42903 | 6.50 | Denial-of-Service | \n| CVE-2026-42914 | 5.30 | Denial-of-Service | \n|----------------|------|-------------------------------------|\n\nWindows Cryptographic Services: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-44810 | 8.40 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows NTFS: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-45636 | 7.80 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows Universal Disk Format File System Driver (UDFS): \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-40409 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-40404 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nMicrosoft Graphics Component: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-42986 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Hyper-V: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-45607 | 8.40 | Uitvoeren van willekeurige code | \n| CVE-2026-47652 | 8.20 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows NT OS Kernel: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-42980 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-42916 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Common Log File System Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-44809 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Projected File System Filter Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-42828 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-42837 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nUI Automation Manager (uiamanager.dll): \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-45597 | 7.00 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows HTTP.sys: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-47291 | 9.80 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nMicrosoft Kinect: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-41092 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows SDK: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-45593 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Media: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-48574 | 7.80 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows Performance Monitor: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-42981 | 8.10 | Uitvoeren van willekeurige code | \n| CVE-2026-42974 | 8.10 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows Application Identity (AppID) Subsystem: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-45594 | 5.50 | Toegang tot gevoelige gegevens | \n| CVE-2026-45604 | 5.50 | Toegang tot gevoelige gegevens | \n|----------------|------|-------------------------------------|\n\nWindows Administrator Protection: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-42829 | 7.80 | Omzeilen van beveiligingsmaatregel | \n|----------------|------|-------------------------------------|\n\nRole: Windows Hyper-V: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-45641 | 8.40 | Uitvoeren van willekeurige code | \n| CVE-2026-42972 | 5.50 | Toegang tot gevoelige gegevens | \n|----------------|------|-------------------------------------|\n\nWindows Narrator Braille: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-48565 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows DHCP Server: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-45634 | 5.50 | Toegang tot gevoelige gegevens | \n| CVE-2026-45602 | 9.10 | Manipulatie van gegevens | \n|----------------|------|-------------------------------------|\n\nWindows Internet (wininet.dll): \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-45592 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Deployment Services: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-42987 | 8.10 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nHTTP/2: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-49160 | 7.50 | Denial-of-Service | \n|----------------|------|-------------------------------------|\n\nWindows Telephony Service: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-42912 | 7.00 | Verkrijgen van verhoogde rechten | \n| CVE-2026-42968 | 5.50 | Toegang tot gevoelige gegevens | \n|----------------|------|-------------------------------------|\n\nWindows Network Controller (NC) Host Agent: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-44805 | 5.50 | Denial-of-Service | \n|----------------|------|-------------------------------------|\n\nWindows DWM Core Library: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-48566 | 5.50 | Toegang tot gevoelige gegevens | \n| CVE-2026-45637 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-42905 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-44811 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-44808 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-44807 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-42983 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-44802 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-44814 | 5.50 | Toegang tot gevoelige gegevens | \n| CVE-2026-44813 | 7.80 | Verkrijgen van verhoogde rechten | \n| CVE-2026-44804 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Boot Manager: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-47656 | 7.90 | Omzeilen van beveiligingsmaatregel | \n|----------------|------|-------------------------------------|\n\nWindows Program Compatibility Assistant Service: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-45487 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Storage: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-47648 | 7.00 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nWindows Shell: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-42906 | 5.50 | Toegang tot gevoelige gegevens | \n| CVE-2026-42907 | 6.50 | Toegang tot gevoelige gegevens | \n|----------------|------|-------------------------------------|\n\nActive Directory Domain Services: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2026-45648 | 8.80 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n```", "creation_timestamp": "2026-06-09T15:44:28.000000Z"}